<?php
include("php/dao/UserDAO.php");
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
//$username = 'test';
//$password = 'test';
$userDAO = new UserDAO();
$user = $userDAO->getUserWithPayment($username, $password, 1);
// Mysql_num_row is counting table row
//$count = mysqli_num_rows($user);

// If result matched $username and $password, table row must be 1 row
if ($user["Username"] == $username) {
    // Register $username, $password and redirect to file "manage.php"
    $_SESSION["username"] = $username;
    $_SESSION["UserId"] = $user["Id"];
//    echo "Test";
    header("location:manage.php");
} else {
    echo "Wrong Username or Password!";
}

//$host = "localhost"; // Host name
//$username = "root"; // Mysql username
//$password = "root"; // Mysql password
//$database = "test"; // Database name
//$tbl_name = "user"; // Table name
//
//// Connect to server and select databse.
//// Create Database connection
//$connection = mysqli_connect($host, $username, $password, $database);
//
//// Check connection
//if (mysqli_connect_errno()) {
//    die("Failed to connect to MySQL: " . mysqli_connect_error());
//}
//
//// username and password sent from form
//$myusername = $_POST['username'];
//$mypassword = $_POST['password'];
//
//// To protect MySQL injection (more detail about MySQL injection)
//$myusername = mysqli_real_escape_string($connection, stripslashes($myusername));
//$mypassword = mysqli_real_escape_string($connection, stripslashes($mypassword));
//$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password=MD5('$mypassword')";
//$result = mysqli_query($this->connection, $query);
//
//// Mysql_num_row is counting table row
//$count = mysql_num_rows($result);
//
//// If result matched $myusername and $mypassword, table row must be 1 row
//if ($count == 1) {
//
//// Register $myusername, $mypassword and redirect to file "login_success.php"
//    $_SESSION["username"] = $myusername;
//    $_SESSION["password"] = $mypassword;
//    header("location:login_success.php");
//} else {
//    echo "Wrong Username or Password";
//}
?>